Featured Article from Cloud Security

SANS Institute Shows True Power of Automated Threat Detection

December 14, 2015

By Steve Anderson
Contributing Writer

A system that can automatically detect a potential threat and respond to it can be a great thing; many of us have actually seen such systems at work with lights connected to motion detectors. The SANS Institute, meanwhile, released a report about the value of automated threat detection for network use, and revealed that such systems can be a big part of reaching key goals.

The SANS Institute findings, backed up by Vectra Networks, showed that the use of behavioral analysis, data science and machine learning can be part of a larger automated threat detection system, and such a system is a powerful defense. It's sufficiently powerful that it can help improve or otherwise complement standard security and allow for goals that are part of Critical Security Controls (CSCs) to be met.

CSCs are a product of not only the SANS Institute itself, but also the Center for Internet Security (CIS), and mainly address the most likely and most dangerous attacks to help get the most out of security efforts. This lets organizations get the most return on investment in security.

As Barbara Filkins, a senior analyst with the SANS Institute, describes, the best advantage of using automated threat detection is that it can help spot new patterns, as well as abnormal behavior, before they become a greater threat. By knowing what the standard is, it can spot deviation from that standard which may be an attack in the making and respond accordingly. CIS CEO Jane Lute offered a similar view, noting that CSCs allow for sufficient “...essential hygiene to manage risks.”

The only problem with automated threat detection, as anyone who has ever seen those motion-detector lights in operation knows, is that sometimes automated systems can react to irregularities that aren't really threats at all. A motion light can be as readily activated by a stray cat or a particularly strong gust of wind as it can be by an actual burglar, and that potential for “crying wolf” can reduce overall security effectiveness. Just as a motion light repeatedly turning on in the midst of a windy night can cause people to stop checking it, so too might an overzealous automated system spark similar lassitude. However, this might be mitigated by adjusting the system to not go after certain irregularities, thus helping ensure that automated threat detection detects threats, and only threats.

Still, it's certainly a worthwhile course of action to consider. Since it works in real time, it may prove a help where nothing else would, and having automated systems to monitor such things helps take strain off network administrators who might have had to do it manually. Properly used, such systems could be a valuable help in an environment ever more prone to attack.